dovecot Digest, Vol 173, Issue 28 (INTERNAL)

Aki Tuomi aki.tuomi at dovecot.fi
Tue Sep 12 13:02:43 EEST 2017


Wonder if this is actually a bug in your OpenSSL version?

Aki


On 12.09.2017 12:51, Arvid.Eikas at telenor.com wrote:
>
> DOVECOT LOG
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Info: Login: user=<viboge>, method=PLAIN, rip=88.89.118.45, lip=148.123.160.116, mpid=18250, TLS, session=<nR4H1/pYvc1YWXYt>
> Sep 12 11:40:56 pop3(viboge) Session-ID nR4H1/pYvc1YWXYt RemoteIP 88.89.118.45  Maildir /var/nextmail/nfs2.flex14/49/79/841 Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/22, size=17589388, totalread=32, totalsent=2181, uidl=22/50a23327
> Sep 12 11:40:56 pop3-login: Debug: SSL alert: close notify [88.89.118.45]
> Sep 12 11:40:56 pop3-login: Error: ENGINE_finish, bad functional reference count
> Sep 12 11:40:56 pop3-login: Fatal: master: service(pop3-login): child 18247 killed with signal 6 (core dumped)
>
> -----Original Message-----
> From: Aki Tuomi [mailto:aki.tuomi at dovecot.fi] 
> Sent: 12. september 2017 08:37
> To: dovecot at dovecot.org; Eikås Arvid
> Subject: Re: dovecot Digest, Vol 173, Issue 28 (INTERNAL)
>
> ~$ openssl s_client -connect 192.168.122.14:110 -starttls pop3
> CONNECTED(00000003)
> <snip/>
>     Verify return code: 10 (certificate has expired)
> ---
> +OK Dovecot ready.
> USER testuser1
> +OK
> PASS pass
> +OK Logged in.
> LIST
> +OK 11 messages:
> 1 14
> 2 14
> 3 14
> 4 14
> 5 14
> 6 14
> 7 14
> 8 14
> 9 14
> 10 14
> 11 14
> .
> QUIT
> DONE
>
> and no crash occurs. Using Dovecot v2.2.32 (dfbe293)
>
> Aki
>
> On 12.09.2017 09:33, Arvid.Eikas at telenor.com wrote:
>> Hi,
>>
>> It is quite easy.  
>> I use a client (thunderbird or windows live mail) set it up to use starttls on standard port 110. Logon and just do a list on the mailbox. The fatal error occurred when I logoff.
>>
>> Arvid
>>
>> -----Original Message-----
>> From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of 
>> dovecot-request at dovecot.org
>> Sent: 11. september 2017 14:57
>> To: dovecot at dovecot.org
>> Subject: dovecot Digest, Vol 173, Issue 28
>>
>> Send dovecot mailing list submissions to
>> 	dovecot at dovecot.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> 	https://dovecot.org/mailman/listinfo/dovecot
>> or, via email, send a message with subject or body 'help' to
>> 	dovecot-request at dovecot.org
>>
>> You can reach the person managing the list at
>> 	dovecot-owner at dovecot.org
>>
>> When replying, please edit your Subject line so it is more specific than "Re: Contents of dovecot digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: pop3-login core dump when using TLSSTART on version
>>       dovecot-2.2.32 (INTERNAL) (Aki Tuomi)
>>    2. Re: Per-user quota (passwd) (Evgeniy Korneechev)
>>    3. Re: Per-user quota (passwd) (Aki Tuomi)
>>    4. Re: Is it possible to disable pipelining in imapc? (Nagy, 
>> Attila)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 11 Sep 2017 13:57:19 +0300
>> From: Aki Tuomi <aki.tuomi at dovecot.fi>
>> To: dovecot at dovecot.org
>> Subject: Re: pop3-login core dump when using TLSSTART on version
>> 	dovecot-2.2.32 (INTERNAL)
>> Message-ID: <cd450054-53c4-2f84-eba7-7ce602c26892 at dovecot.fi>
>> Content-Type: text/plain; charset=utf-8
>>
>> Can you outline the exact steps you perform to get this?
>>
>> Aki
>>
>> On 11.09.2017 13:42, Arvid.Eikas at telenor.com wrote:
>>> Hi,
>>>
>>> I switched back to 2.2.27 with the same config that I am using for 2.2.32 and it work fine.  
>>>
>>> Sep 11 11:49:37 imap-login: Info: Login: user=<viboge>, method=PLAIN, 
>>> rip=88.89.118.45, lip=148.123.160.116, mpid=18709, TLS, 
>>> session=<v7o22OZYrsdYWXYt> Sep 11 11:49:40 imap(mailuser) Session-ID 
>>> v7o22OZYrsdYWXYt RemoteIP 88.89.118.45  Maildir
>>> /var/nextmail/nfs2.flex14/49/79/841 Info: Logged out in=4518
>>> out=273720 deleted 0 expunged 0 trashed 0 Sep 11 11:49:40 imap-login: 
>>> Debug: SSL alert: close notify [88.89.118.45]
>>>
>>> How could I proceed?  Any clue?  It is quite annoying to see this entry in the log for each session.
>>>
>>> Arvid
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Aki Tuomi [mailto:aki.tuomi at dovecot.fi]
>>> Sent: 11. september 2017 09:18
>>> To: Eik?s Arvid; dovecot at dovecot.org
>>> Subject: Re: pop3-login core dump when using TLSSTART on version
>>> dovecot-2.2.32 (INTERNAL)
>>>
>>> Hi!
>>>
>>> I tried to reproduce this problem with dovecot-2.2.32 and OpenSSL 1.0.1k and was not able to. I enabled -DREF_CHECK on OpenSSL, but to no avail, the process did not crash. Is there something else you've done?
>>>
>>> Aki
>>>
>>>
>>> On 11.09.2017 08:07, Arvid.Eikas at telenor.com wrote:
>>>> Hi,
>>>>
>>>> Here is the gdb output.
>>>>
>>>> Arvid
>>>>
>>>> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7 Copyright (C)
>>>> 2013 Free Software Foundation, Inc.
>>>> License GPLv3+: GNU GPL version 3 or later 
>>>> <http://gnu.org/licenses/gpl.html>
>>>> This is free software: you are free to change and redistribute it.
>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>>>> and "show warranty" for details.
>>>> This GDB was configured as "x86_64-redhat-linux-gnu".
>>>> For bug reporting instructions, please see:
>>>> <http://www.gnu.org/software/gdb/bugs/>...
>>>> Reading symbols from /local/misc/mail/dovecot-32/libexec/dovecot/pop3-login...done.
>>>> [New LWP 15894]
>>>> Core was generated by `dovecot-test/pop3-login'.
>>>> Program terminated with signal 6, Aborted.
>>>> #0  0x00007ff0bd9cf1d7 in raise () from /lib64/libc.so.6 Missing 
>>>> separate debuginfos, use: debuginfo-install
>>>> glibc-2.17-157.el7_3.1.x86_64
>>>> (gdb) bt full
>>>> #0  0x00007ff0bd9cf1d7 in raise () from /lib64/libc.so.6 No symbol 
>>>> table info available.
>>>> #1  0x00007ff0bd9d08c8 in abort () from /lib64/libc.so.6 No symbol 
>>>> table info available.
>>>> #2  0x00007ff0bd3c0f2f in engine_unlocked_finish (e=0x1c51c60, unlock_for_handlers=1) at eng_init.c:115
>>>>         to_return = 1
>>>> #3  0x00007ff0bd3c1064 in ENGINE_finish (e=0x1c51c60) at eng_init.c:150
>>>>         to_return = 1
>>>> #4  0x00007ff0be0f9300 in ssl_proxy_deinit () from
>>>> /local/nextmail/dovecot/lib64/dovecot/libdovecot-login.so.0
>>>> No symbol table info available.
>>>> #5  0x00007ff0be0f4472 in main_deinit () from
>>>> /local/nextmail/dovecot/lib64/dovecot/libdovecot-login.so.0
>>>> No symbol table info available.
>>>> #6  0x00007ff0be0f479f in login_binary_run () from
>>>> /local/nextmail/dovecot/lib64/dovecot/libdovecot-login.so.0
>>>> No symbol table info available.
>>>> #7  0x00000000004032da in main (argc=1, argv=0x7ffe3059f3f8) at
>>>> client.c:356 No locals.
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Aki Tuomi [mailto:aki.tuomi at dovecot.fi]
>>>> Sent: 8. september 2017 14:08
>>>> To: Eik?s Arvid; dovecot at dovecot.org
>>>> Subject: Re: pop3-login core dump when using TLSSTART on version
>>>> dovecot-2.2.32 (OPEN)
>>>>
>>>> I assume you mean STARTTLS. Can you provide gdb /path/to/bin /path/to/core and provide output of bt full?
>>>>
>>>> Aki
>>>>
>>>>
>>>> On 08.09.2017 15:01, Arvid.Eikas at telenor.com wrote:
>>>>> Hi,
>>>>>
>>>>> Pop3-login are CORE-dumping when I log on with TLSSTART, I believe the same will happen with imap-logon to, but I have not tested it yet.
>>>>> The TLS session is coming up and it works fine until I log off, then it's core dump.  Open sslvesrion is   openssl-1.0.2k.
>>>>> We ran dovecot-2.2.27 before we upgraded to dovecote-2.2.32, and 
>>>>> that seems to work fine. (not core dumping)
>>>>>
>>>>>
>>>>> Arvid
>>>>>
>>>>>
>>>>> LOG
>>>>> Sep 05 14:27:34 pop3-login: Debug: SSL: elliptic curve secp384r1 
>>>>> will be used for ECDH and ECDHE key exchanges Sep 05 14:30:30 pop3-login:
>>>>> Debug: SSL: elliptic curve secp384r1 will be used for ECDH and 
>>>>> ECDHE key exchanges Sep 05 14:30:30 pop3-login: Debug: SSL: 
>>>>> elliptic curve
>>>>> secp384r1 will be used for ECDH and ECDHE key exchanges Sep 05
>>>>> 14:30:42 pop3-login: Debug: SSL: elliptic curve secp384r1 will be 
>>>>> used for ECDH and ECDHE key exchanges Sep 05 14:30:42 pop3-login: Debug:
>>>>> SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key 
>>>>> exchanges Sep 05 14:30:50 pop3-login: Info: Login: user=<tstrand>, 
>>>>> method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=18361, secured, 
>>>>> session=<65m8ZXBYtpN/AAAB> Sep 05 14:30:50 pop3-login: Error:
>>>>> ENGINE_finish, bad functional reference count Sep 05 14:30:50
>>>>> pop3-login: Fatal: master: service(pop3-login): child 18359 killed 
>>>>> with signal 6 (core dumped)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> From  ./crypto/engine/eng_init.c
>>>>>
>>>>> .........
>>>>> int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) {
>>>>>     int to_return = 1;
>>>>>
>>>>>     /*
>>>>>      * Reduce the functional reference count here so if it's the terminating
>>>>>      * case, we can release the lock safely and call the finish() handler
>>>>>      * without risk of a race. We get a race if we leave the count until
>>>>>      * after and something else is calling "finish" at the same time -
>>>>>      * there's a chance that both threads will together take the count from 2
>>>>>      * to 0 without either calling finish().
>>>>>      */
>>>>>     e->funct_ref--;
>>>>>     engine_ref_debug(e, 1, -1);
>>>>>     if ((e->funct_ref == 0) && e->finish) {
>>>>>         if (unlock_for_handlers)
>>>>>             CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
>>>>>         to_return = e->finish(e);
>>>>>         if (unlock_for_handlers)
>>>>>             CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
>>>>>         if (!to_return)
>>>>>             return 0;
>>>>>     }
>>>>> #ifdef REF_CHECK
>>>>>     if (e->funct_ref < 0) {
>>>>>         fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
>>>>>         abort();
>>>>>
>>>>> .........
>>>>>
>>>>> /* The API (locked) version of "finish" */ int ENGINE_finish(ENGINE
>>>>> *e) {
>>>>>     int to_return = 1;
>>>>>
>>>>>     if (e == NULL) {
>>>>>         ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
>>>>>         return 0;
>>>>>     }
>>>>>     CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
>>>>>     to_return = engine_unlocked_finish(e, 1);
>>>>>     CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
>>>>>     if (!to_return) {
>>>>>         ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
>>>>>         return 0;
>>>>>     }
>>>>>     return to_return;
>>>>> }
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 11 Sep 2017 14:48:47 +0300 (MSK)
>> From: Evgeniy Korneechev <ekorneechev at altlinux.org>
>> To: Aki Tuomi <aki.tuomi at dovecot.fi>
>> Cc: dovecot <dovecot at dovecot.org>
>> Subject: Re: Per-user quota (passwd)
>> Message-ID:
>> 	<2046000051.747964.1505130527842.JavaMail.zimbra at remotesystems.ru>
>> Content-Type: text/plain; charset=utf-8
>>
>> Hi.
>> But there is one problem...
>>
>> protocol lda {
>>   mail_plugins = " quota autocreate  sieve quota"
>>   plugin {
>>     quota = dict:user::file:/var/vmail/glu_vrem/%u/.quotausage
>>   }
>> }
>> protocol imap {
>>   mail_plugins = " quota autocreate autocreate imap_quota"
>>   plugin {
>>     autocreate = INBOX
>>     autocreate2 = Sent
>>     autocreate3 = Trash
>>     autocreate4 = Drafts
>>     autocreate5 = Junk
>>     autosubscribe = INBOX
>>     autosubscribe2 = Sent
>>     autosubscribe3 = Trash
>>     autosubscribe4 = Drafts
>>     autosubscribe5 = Junk
>>     quota = dict:user::file:/var/vmail/glu_vrem/%u/.quotausage
>>   }
>> }
>>
>>> Users with non-standard quota in passwd-file:
>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admin
>>>>>>>>> i strator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/home
>>>>>>>>> / DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>> Others from passwd.
>>
>> Files ".quotausage" are created in different directories:
>> /var/vmail/glu_vrem/administrator\DOM/.quotausage
>> /var/vmail/glu_vrem/administrator at email.dom/.quotausage
>> And must in the folder "/var/vmail/glu_vrem/administrator"
>>
>> How fix it?
>>
>>
>> ----- ???????? ????????? -----
>>> ??: "Evgeniy Korneechev" <ekorneechev at altlinux.org>
>>> ????: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>> ?????: "dovecot" <dovecot at dovecot.org>
>>> ????????????: ???????, 30 ???? 2017 ? 10:39:16
>>> ????: Re: Per-user quota (passwd)
>>> Our solution:
>>> userdb {
>>>  args = /etc/imap.passwd
>>>  driver = passwd-file
>>>  override_fields = home=/var/vmail/glu_vrem/%u } userdb {  driver = 
>>> passwd  override_fields = home=/var/vmail/glu_vrem/%u }
>>>
>>> Users with non-standard quota in passwd-file:
>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admin
>>>>>>>>> i strator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/home
>>>>>>>>> / DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>> Others from passwd.
>>>
>>> Its works! Thanks.
>>>
>>>
>>> ----- ???????? ????????? -----
>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>> ????????????: ???????, 29 ???? 2017 ? 14:40:44
>>>> ????: Re: Per-user quota (passwd)
>>>> Oh you have multiple db's, I missed that.
>>>>
>>>> Remove auth_username_format, and instead
>>>>
>>>> userdb {
>>>>  args = /etc/imap.passwd username_format=%Ln  driver = passwd-file 
>>>> override_fields = home=/var/vmail/glu_vrem/%u }
>>>>
>>>> On 29.06.2017 14:35, Evgeniy Korneechev wrote:
>>>>> with auth_username_format = %Ln:
>>>>>
>>>>> Jun 28 14:43:41 auth: Debug: master in: USER    1    iivanov.ia at example.com
>>>>> service=lda
>>>>> Jun 28 14:43:41 auth-worker(18369): Debug: passwd(iivanov.ia): 
>>>>> lookup Jun 28 14:43:41 auth-worker(18369): Info: passwd(iivanov.ia): 
>>>>> unknown user  - trying the next userdb Jun 28 14:43:41
>>>>> auth-worker(18369): Debug: sql(iivanov.ia): SELECT email as user, 
>>>>> maildir as home, CONCAT('maildir:', maildir, '/Maildir') as mail, 
>>>>> uid, gid, \
>>>>>      CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as
>>>>>      sieve FROM mail_user WHERE (login = 'iivanov.ia' OR email =
>>>>> 'iivanov.ia') Jun 28 14:43:41 auth-worker(18369): Info: 
>>>>> sql(iivanov.ia): unknown user
>>>>>
>>>>> Maybe %Lu?
>>>>>
>>>>> ----- ???????? ????????? -----
>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>> ????????????: ???????, 29 ???? 2017 ? 14:10:07
>>>>>> ????: Re: Per-user quota (passwd)
>>>>>> Yes.
>>>>>>
>>>>>> Aki
>>>>>>
>>>>>> On 29.06.2017 14:07, Evgeniy Korneechev wrote:
>>>>>>> And if such a user:
>>>>>>> email (from AD) = ivanov.ia at example.com login (from AD), %n = 
>>>>>>> iivanov %d = DOM %u = iivanov at DOM
>>>>>>>
>>>>>>> ?
>>>>>>>
>>>>>>> ----- ???????? ????????? -----
>>>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>>>> ????????????: ???????, 29 ???? 2017 ? 13:59:05
>>>>>>>> ????: Re: Per-user quota (passwd) or use, as I indicated before, 
>>>>>>>> auth_username_format = %Ln
>>>>>>>>
>>>>>>>> Aki
>>>>>>>>
>>>>>>>>
>>>>>>>> On 29.06.2017 13:58, Evgeniy Korneechev wrote:
>>>>>>>>> Hi!
>>>>>>>>> workaround:
>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admin
>>>>>>>>> i strator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/home
>>>>>>>>> / DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>>
>>>>>>>>> But this is not a solution for 1000 users ...
>>>>>>>>> Maybe is there extra field "userdb_mail=administrator at email.dom" 
>>>>>>>>> for email to passwd-file?
>>>>>>>>>
>>>>>>>>> ----- ???????? ????????? -----
>>>>>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>>>>>> ????????????: ?????, 28 ???? 2017 ? 12:40:48
>>>>>>>>>> ????: Re: Per-user quota (passwd) On 28.06.2017 12:36, Aki 
>>>>>>>>>> Tuomi wrote:
>>>>>>>>>>> On 28.06.2017 12:25, Evgeniy Korneechev wrote:
>>>>>>>>>>>> Hello!
>>>>>>>>>>>> We have passwd=pam, userdb=passwd.
>>>>>>>>>>>> passdb {
>>>>>>>>>>>>   driver = pam #server was entered domain Active Directory } 
>>>>>>>>>>>> userdb {
>>>>>>>>>>>>   driver = passwd
>>>>>>>>>>>>   override_fields = home=/var/vmail/glu_vrem/%u }
>>>>>>>>>>>>
>>>>>>>>>>>> How can i use per-user quota? Only passwd-file?
>>>>>>>>>>>>
>>>>>>>>>>>> I tried:
>>>>>>>>>>>> userdb {
>>>>>>>>>>>>   args = /etc/imap.passwd
>>>>>>>>>>>>   driver = passwd-file
>>>>>>>>>>>>   override_fields = home=/var/vmail/glu_vrem/%u }
>>>>>>>>>>>> /etc/imap.passwd:
>>>>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/ad
>>>>>>>>>>>> m inistrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>>>>
>>>>>>>>>>>> Authentication and quota - now OK. But doesn't work sending 
>>>>>>>>>>>> and receiving mail...
>>>>>>>>>>>> postfix say 'Unknown user'...
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Turn on auth_debug and auth_verbose and see what it says.
>>>>>>>>>>>>
>>>>>>>>>>>> Aki
>>>>>>>>>> Also you can set auth_username_format = %Ln to force usernames 
>>>>>>>>>> into lowercase without domain.
>>>>>>>>>>
>>>>>>>>>> Aki
>>> --
>>> WBR, Korneechev Evgeniy
>>> BaseALT/ALTLinux Team
>> --
>> WBR, Korneechev Evgeniy
>> BaseALT/ALTLinux Team
>>
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Mon, 11 Sep 2017 14:51:13 +0300
>> From: Aki Tuomi <aki.tuomi at dovecot.fi>
>> To: dovecot at dovecot.org
>> Subject: Re: Per-user quota (passwd)
>> Message-ID: <7e86447f-10e6-51a3-ce8a-3c4c8261bac1 at dovecot.fi>
>> Content-Type: text/plain; charset=utf-8
>>
>> Hi!
>> Just so you know, autocreate/autosubscribe is deprecated, you should 
>> use
>>
>> namespace {
>>   mailbox INBOX {
>>    auto = subscribe
>>  }
>> }
>>
>> can you run
>>
>> doveadm user administrator at email.dom
>>
>> to verify that mail_home gets set correctly?
>>
>> Aki
>>
>> On 11.09.2017 14:48, Evgeniy Korneechev wrote:
>>> Hi.
>>> But there is one problem...
>>>
>>> protocol lda {
>>>   mail_plugins = " quota autocreate  sieve quota"
>>>   plugin {
>>>     quota = dict:user::file:/var/vmail/glu_vrem/%u/.quotausage
>>>   }
>>> }
>>> protocol imap {
>>>   mail_plugins = " quota autocreate autocreate imap_quota"
>>>   plugin {
>>>     autocreate = INBOX
>>>     autocreate2 = Sent
>>>     autocreate3 = Trash
>>>     autocreate4 = Drafts
>>>     autocreate5 = Junk
>>>     autosubscribe = INBOX
>>>     autosubscribe2 = Sent
>>>     autosubscribe3 = Trash
>>>     autosubscribe4 = Drafts
>>>     autosubscribe5 = Junk
>>>     quota = dict:user::file:/var/vmail/glu_vrem/%u/.quotausage
>>>   }
>>> }
>>>
>>>> Users with non-standard quota in passwd-file:
>>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admi
>>>>>>>>>> nistrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/hom
>>>>>>>>>> e/DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>> Others from passwd.
>>> Files ".quotausage" are created in different directories:
>>> /var/vmail/glu_vrem/administrator\DOM/.quotausage
>>> /var/vmail/glu_vrem/administrator at email.dom/.quotausage
>>> And must in the folder "/var/vmail/glu_vrem/administrator"
>>>
>>> How fix it?
>>>
>>>
>>> ----- ???????? ????????? -----
>>>> ??: "Evgeniy Korneechev" <ekorneechev at altlinux.org>
>>>> ????: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>> ?????: "dovecot" <dovecot at dovecot.org>
>>>> ????????????: ???????, 30 ???? 2017 ? 10:39:16
>>>> ????: Re: Per-user quota (passwd)
>>>> Our solution:
>>>> userdb {
>>>>  args = /etc/imap.passwd
>>>>  driver = passwd-file
>>>>  override_fields = home=/var/vmail/glu_vrem/%u } userdb {  driver = 
>>>> passwd  override_fields = home=/var/vmail/glu_vrem/%u }
>>>>
>>>> Users with non-standard quota in passwd-file:
>>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admi
>>>>>>>>>> nistrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/hom
>>>>>>>>>> e/DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>> Others from passwd.
>>>>
>>>> Its works! Thanks.
>>>>
>>>>
>>>> ----- ???????? ????????? -----
>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>> ????????????: ???????, 29 ???? 2017 ? 14:40:44
>>>>> ????: Re: Per-user quota (passwd)
>>>>> Oh you have multiple db's, I missed that.
>>>>>
>>>>> Remove auth_username_format, and instead
>>>>>
>>>>> userdb {
>>>>>  args = /etc/imap.passwd username_format=%Ln  driver = passwd-file  
>>>>> override_fields = home=/var/vmail/glu_vrem/%u }
>>>>>
>>>>> On 29.06.2017 14:35, Evgeniy Korneechev wrote:
>>>>>> with auth_username_format = %Ln:
>>>>>>
>>>>>> Jun 28 14:43:41 auth: Debug: master in: USER    1    iivanov.ia at example.com
>>>>>> service=lda
>>>>>> Jun 28 14:43:41 auth-worker(18369): Debug: passwd(iivanov.ia): 
>>>>>> lookup Jun 28 14:43:41 auth-worker(18369): Info: 
>>>>>> passwd(iivanov.ia): unknown user  - trying the next userdb Jun 28 
>>>>>> 14:43:41 auth-worker(18369): Debug: sql(iivanov.ia): SELECT email 
>>>>>> as user, maildir as home, CONCAT('maildir:', maildir, '/Maildir') 
>>>>>> as mail, uid, gid, \
>>>>>>      CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as
>>>>>>      sieve FROM mail_user WHERE (login = 'iivanov.ia' OR email = 
>>>>>> 'iivanov.ia') Jun 28 14:43:41 auth-worker(18369): Info: 
>>>>>> sql(iivanov.ia): unknown user
>>>>>>
>>>>>> Maybe %Lu?
>>>>>>
>>>>>> ----- ???????? ????????? -----
>>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>>> ????????????: ???????, 29 ???? 2017 ? 14:10:07
>>>>>>> ????: Re: Per-user quota (passwd) Yes.
>>>>>>>
>>>>>>> Aki
>>>>>>>
>>>>>>> On 29.06.2017 14:07, Evgeniy Korneechev wrote:
>>>>>>>> And if such a user:
>>>>>>>> email (from AD) = ivanov.ia at example.com login (from AD), %n = 
>>>>>>>> iivanov %d = DOM %u = iivanov at DOM
>>>>>>>>
>>>>>>>> ?
>>>>>>>>
>>>>>>>> ----- ???????? ????????? -----
>>>>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>>>>> ????????????: ???????, 29 ???? 2017 ? 13:59:05
>>>>>>>>> ????: Re: Per-user quota (passwd) or use, as I indicated 
>>>>>>>>> before, auth_username_format = %Ln
>>>>>>>>>
>>>>>>>>> Aki
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 29.06.2017 13:58, Evgeniy Korneechev wrote:
>>>>>>>>>> Hi!
>>>>>>>>>> workaround:
>>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/admi
>>>>>>>>>> nistrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>>> administrator at email.dom:*:95400500:95400513:Administrator:/hom
>>>>>>>>>> e/DOM/administrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>> userdb_mail=maildir:/var/vmail/glu_vrem/administrator/Maildir
>>>>>>>>>>
>>>>>>>>>> But this is not a solution for 1000 users ...
>>>>>>>>>> Maybe is there extra field 
>>>>>>>>>> "userdb_mail=administrator at email.dom" for email to passwd-file?
>>>>>>>>>>
>>>>>>>>>> ----- ???????? ????????? -----
>>>>>>>>>>> ??: "Aki Tuomi" <aki.tuomi at dovecot.fi>
>>>>>>>>>>> ????: "dovecot" <dovecot at dovecot.org>
>>>>>>>>>>> ????????????: ?????, 28 ???? 2017 ? 12:40:48
>>>>>>>>>>> ????: Re: Per-user quota (passwd) On 28.06.2017 12:36, Aki 
>>>>>>>>>>> Tuomi wrote:
>>>>>>>>>>>> On 28.06.2017 12:25, Evgeniy Korneechev wrote:
>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>> We have passwd=pam, userdb=passwd.
>>>>>>>>>>>>> passdb {
>>>>>>>>>>>>>   driver = pam #server was entered domain Active Directory 
>>>>>>>>>>>>> } userdb {
>>>>>>>>>>>>>   driver = passwd
>>>>>>>>>>>>>   override_fields = home=/var/vmail/glu_vrem/%u }
>>>>>>>>>>>>>
>>>>>>>>>>>>> How can i use per-user quota? Only passwd-file?
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried:
>>>>>>>>>>>>> userdb {
>>>>>>>>>>>>>   args = /etc/imap.passwd
>>>>>>>>>>>>>   driver = passwd-file
>>>>>>>>>>>>>   override_fields = home=/var/vmail/glu_vrem/%u }
>>>>>>>>>>>>> /etc/imap.passwd:
>>>>>>>>>>>>> administrator:*:95400500:95400513:Administrator:/home/DOM/a
>>>>>>>>>>>>> dministrator:/bin/bash::userdb_quota_rule=*:bytes=10G
>>>>>>>>>>>>>
>>>>>>>>>>>>> Authentication and quota - now OK. But doesn't work sending 
>>>>>>>>>>>>> and receiving mail...
>>>>>>>>>>>>> postfix say 'Unknown user'...
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Turn on auth_debug and auth_verbose and see what it says.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Aki
>>>>>>>>>>> Also you can set auth_username_format = %Ln to force 
>>>>>>>>>>> usernames into lowercase without domain.
>>>>>>>>>>>
>>>>>>>>>>> Aki
>>>> --
>>>> WBR, Korneechev Evgeniy
>>>> BaseALT/ALTLinux Team
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Mon, 11 Sep 2017 14:56:28 +0200
>> From: "Nagy, Attila" <bra at fsn.hu>
>> To: Aki Tuomi <aki.tuomi at dovecot.fi>, dovecot at dovecot.org
>> Subject: Re: Is it possible to disable pipelining in imapc?
>> Message-ID: <a6ced659-fa75-60c9-01f7-bfb36e826466 at fsn.hu>
>> Content-Type: text/plain; charset=utf-8; format=flowed
>>
>> On 09/11/2017 12:12 PM, Aki Tuomi wrote:
>>> Is there some reason you can't use normal proxy instead of imap backend?
>>> That is,return proxy, host=imap_backend, port=1430? There seems to be 
>>> no pipeline setting currently for imapc in v2.2.
>>>
>> Yes, because it's a dumb IMAP server, which doesn't implement a lot of 
>> things, like SEARCH, FETCH BODYSTRUCTURE and similar.
>> Dovecot is used as a smart proxy, which makes it possible to use it as 
>> a fully featured IMAP server.
>>
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> dovecot mailing list
>> dovecot at dovecot.org
>> https://dovecot.org/mailman/listinfo/dovecot
>>
>> ------------------------------
>>
>> End of dovecot Digest, Vol 173, Issue 28
>> ****************************************



More information about the dovecot mailing list